A theory of enterprise risk management

Research output: Contribution to journalArticle


Purpose: The purpose of this paper is to develop a theory of enterprise risk management (ERM). Design/methodology/approach: The method is to develop a theory for ERM based on identifying the general risk management problems that it is supposed to solve and to apply the principle of deduction based on these premises. Findings: ERM consists of risk governance, which is a set of mechanisms that deals with the agency problem of risk management and risk aggregation, which is a set of mechanisms that deals with the information problem of risk management. Research limitations/implications: The theory, by identifying the central role of the Board of Directors, encourages further research into the capabilities and incentives of directors as determinants of ERM adoption. It also encourages research into how ERM adoption depends on proxies for agency problems of risk management, such as a decentralized company structure. Practical implications: The theory encourages Boards of Directors to focus on understanding where the under and over management of risk are likely to be greatest, as opposed to the current practice of mapping a large number of risk factors. Originality/value: The theory complements existing theory on corporate risk management, which revolves around the role of external frictions, by focusing on internal frictions in the firm that prevent effective risk management. It is the first work to delineate ERM vis-a-vis existing risk theory.


Research areas and keywords

Subject classification (UKÄ) – MANDATORY

  • Business Administration


  • Board of directors, Economic capital, Enterprise risk management, Risk governance
Original languageEnglish
Pages (from-to)565-579
JournalCorporate Governance (Bingley)
Issue number3
Early online date2019 Jan 7
Publication statusPublished - 2019
Publication categoryResearch